EDNS0 client subnet in BIND 9.10

EDNS0 client subnet in BIND 9.10

Ben Croswell
I would like to use the client subnet option to overcome some hurdles related to proximity load-balancing.

I have looked through the ARM and found references to setting the option in a dig. However I was not able to locate options for sourcing that option on the DNS server.

Is anyone using ECS currently? 

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Re: EDNS0 client subnet in BIND 9.10

Tony Finch
Ben Croswell <[hidden email]> wrote:
>
> I have looked through the ARM and found references to setting the option in
> a dig. However I was not able to locate options for sourcing that option on
> the DNS server.

BIND currently supports ECS on authoritative servers in ACLs for selecting
views. Recursive ECS support is currently only available in the subscriber
edition, not in open source BIND. See
https://kb.isc.org/article/AA-01310/0

Tony.
--
f.anthony.n.finch  <[hidden email]>  http://dotat.at/  -  I xn--zr8h punycode
Trafalgar: Northerly or northeasterly 5 to 7. Rough occasionally moderate.
Occasional rain. Moderate or good.
Re: EDNS0 client subnet in BIND 9.10

Mukund Sivaraman
I'm not sure how ECS would be useful for load-balancing, as in the best
case scenario it would require one to control every client side to send
the client-subnet option.

On Fri, Nov 10, 2017 at 04:44:10PM +0000, Tony Finch wrote:
> Ben Croswell <[hidden email]> wrote:
> >
> > I have looked through the ARM and found references to setting the option in
> > a dig. However I was not able to locate options for sourcing that option on
> > the DNS server.
>
> BIND currently supports ECS on authoritative servers in ACLs for selecting
> views.

This is broken and not recommended for production use.

                Mukund
Re: EDNS0 client subnet in BIND 9.10

Ray Bellis
On 11/11/2017 04:50, Mukund Sivaraman wrote:
> I'm not sure how ECS would be useful for load-balancing, as in the best
> case scenario it would require one to control every client side to send
> the client-subnet option.

It would help if Ben provided more details about what he's trying to
achieve.

I do have a draft that I'm trying to get adopted at IETF to allow
client-related information to be carried from load balancer to back-end
server.  It's not yet implemented in BIND, though:

<https://tools.ietf.org/html/draft-bellis-dnsop-xpf-03>

Ray

Re: EDNS0 client subnet in BIND 9.10

Ben Croswell
The use case I am looking at is using ECS or some other mechanism to pass the IP of the client making the query to the global load-balancer. This information could then be used by the global load-balancer in making proximity decisions when crafting its response.
I.e. GLB sees 10.1.1.1 and returns a given IP but if it sees 10.2.2.2 the answer is different. 

On Nov 11, 2017 5:31 AM, "Ray Bellis" <[hidden email]> wrote:
> On 11/11/2017 04:50, Mukund Sivaraman wrote:
> > I'm not sure how ECS would be useful for load-balancing, as in the best
> > case scenario it would require one to control every client side to send
> > the client-subnet option.
>
> It would help if Ben provided more details about what he's trying to
> achieve.
>
> I do have a draft that I'm trying to get adopted at IETF to allow
> client-related information to be carried from load balancer to back-end
> server.  It's not yet implemented in BIND, though:
>
> <https://tools.ietf.org/html/draft-bellis-dnsop-xpf-03>
>
> Ray
Re: EDNS0 client subnet in BIND 9.10

Ray Bellis
On 11/11/2017 19:46, Ben Croswell wrote:
> The use case I am looking at is using ECS or some other mechanism to
> pass the IP of the client making the query to the global load-balancer. This
> information could then be used by the global load-balancer in making
> proximity decisions when crafting its response.
> I.e. GLB sees 10.1.1.1 and returns a given IP but if it sees 10.2.2.2
> the answer is different. 

Thanks for the clarification, that is indeed a typical use case for ECS,
rather than for my XPF draft.

kind regards,

Ray
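
The proximity use case discussed in this thread, as an added example that is not part of the original messages and is not BIND code: it encodes and validates the ECS option in the RFC 7871 wire format and picks an answer per client subnet. The pool table, answer addresses, resolver address and function names are constructed for illustration, and honouring ECS only from resolvers you operate is an assumption of this sketch.

```python
import ipaddress
import struct

ECS_CODE = 8                                    # EDNS0 option code (RFC 7871)
NET_TYPES = {1: ipaddress.IPv4Network, 2: ipaddress.IPv6Network}

def build_ecs(subnet):
    """Encode an ECS option the way a forwarding resolver would (scope 0)."""
    net = ipaddress.ip_network(subnet)
    family = 1 if net.version == 4 else 2
    addr = net.network_address.packed[:(net.prefixlen + 7) // 8]
    body = struct.pack("!HBB", family, net.prefixlen, 0) + addr
    return struct.pack("!HH", ECS_CODE, len(body)) + body

def parse_ecs(option):
    """Decode one ECS option from a query; ValueError if malformed."""
    if len(option) < 8:
        raise ValueError("truncated ECS option")
    code, length, family, source, scope = struct.unpack("!HHHBB", option[:8])
    addr = option[8:]
    if code != ECS_CODE or length != len(option) - 4 or family not in NET_TYPES:
        raise ValueError("not a well-formed ECS option")
    width = 4 if family == 1 else 16
    if source > width * 8 or scope != 0 or len(addr) != (source + 7) // 8:
        raise ValueError("bad prefix length, scope or address length")
    # strict=True rejects address bits set beyond the source prefix
    return NET_TYPES[family]((addr + bytes(width - len(addr)), source), strict=True)

# Constructed proximity table modelled on the thread's 10.1.1.1 / 10.2.2.2 case.
POOLS = {ipaddress.ip_network("10.1.0.0/16"): "192.0.2.10",
         ipaddress.ip_network("10.2.0.0/16"): "198.51.100.10"}
DEFAULT_ANSWER = "203.0.113.10"
TRUSTED_RESOLVERS = [ipaddress.ip_network("10.0.0.53/32")]  # assumed: your own resolver

def select_answer(option, resolver_ip):
    """Pick an answer from ECS, but only when a trusted resolver sent it."""
    src = ipaddress.ip_address(resolver_ip)
    if not any(src in net for net in TRUSTED_RESOLVERS):
        return DEFAULT_ANSWER          # ignore ECS from unknown senders
    try:
        client = parse_ecs(option)
    except ValueError:
        return DEFAULT_ANSWER          # malformed option: fall back
    for net, answer in POOLS.items():
        if client.version == net.version and client.subnet_of(net):
            return answer
    return DEFAULT_ANSWER
```
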